Logo des Repositoriums

Auflistung nach Autor:in "Fritsch, Lothar"

1 - 10 von 33
  • Konferenzbeitrag
    Aktuelle Hinderungsgründe für den kommerziellen Erfolg von Location-BasedService-Angeboten
    (Mobile Business - Processes, Platforms, Payments, Proceedings zur 5. Konferenz Mobile Commerce Technologien und Anwendungen (MCTA 2005), 2005) Fritsch, Lothar; Muntermann, Jan
    Location Based Services (LBS) werden große Umsatzpotentiale für mobile Datendienste zugeschrieben, da durch sie personalisierte, ortsabhängige Dienste für Nutzer maßgeschneidert angeboten werden können. Doch trotz vorhandener Geschäftsmodelle und weiter Verbreitung der Mobilfunkinfrastrukturen ist das Dienstangebot überschaubar, die Umsätze ebenso. Zur Ursachenforschung befragten wir Mobilfunknutzer nach ihren Bedürfnissen und ihrer Zahlungsbereitschaft für LBS und vergleichen die Ergebnisse mit einer Erhebung zum Dienstangebot und zur Bepreisung real existierender Dienste in deutschen Mobilfunknetzen. Fokus der Erhebung ist eine Analyse der Übereinstimmung von Kundenerwartungen und Angebot bei Diensttypen und -bepreisung. Zusätzlich wurden Datenschutzeinstellungen der Befragten erhoben, um sie als mögliche Inhibitoren für LBS mit zu berücksichtigen.
  • Konferenzbeitrag
    App-generated digital identities extracted through Android permission-based data access - a survey of app privacy
    (SICHERHEIT 2020, 2020) Momen, Nurul; Fritsch, Lothar
    Smartphone apps that run on Android devices can access many types of personal information. Such information can be used to identify, profile and track the device users when mapped into digital identity attributes. This article presents a model of identifiability through access to personal data protected by the Android access control mechanism called permissions. We present an abstraction of partial identity attributes related to such personal data, and then show how apps accumulate such attributes in a longitudinal study that was carried out over several months. We found that apps' successive access to permissions accumulates such identity attributes, where different apps show different interest in such attributes.
  • Textdokument
    A Comparison of Payment Schemes for the IoT
    (Open Identity Summit 2017, 2017) Bohli, Jens-Matthias; Dietrich, Aljoscha; Petrlic, Ronald; Sorge, Christoph
    Technologies for the IoT have reached a high level of maturity, and a large-scale deployment will soon be possible. For the IoT to become an economic success, easy access to all kinds of real-world information must be enabled. Assuming that not all services will be available for free, an IoT infrastructure should support access control, accounting, and billing. We analyze available access control and payment schemes for their potential as payment schemes in the IoT. In addition to security and privacy, we discuss suitability for direct client to sensor communication and efficiency. We show shortcomings of existing protocols that need to be addressed by future research.
  • Konferenzbeitrag
    Data Protection Impact Assessment in Identity Control Management with a Focus on Biometrics
    (Open Identity Summit 2020, 2020) Bisztray, Tamas; Gruschka, Nils; Mavroeidis, Vasileios; Fritsch, Lothar
    Privacy issues concerning biometric identification are becoming increasingly relevant due to their proliferation in various fields, including identity and access control management (IAM). The General Data Protection Regulation (GDPR) requires the implementation of a data protection impact assessment for privacy critical systems. In this paper, we analyse the usefulness of two different privacy impact assessment frameworks in the context of biometric data protection. We use experiences from the SWAN project that processes four different biometric characteristics for authentication purposes. The results of this comparison elucidate how useful these frameworks are in identifying sector-specific privacy risks related to IAM and biometric identification.
  • Textdokument
    Derived Partial Identities Generated from App Permissions
    (Open Identity Summit 2017, 2017) Fritsch, Lothar; Momen, Nurul
    This article presents a model of partial identities derived from app permissions that is based on Pfitzmann and Hansen’s terminology for privacy [PH10]. The article first shows how app permissions accommodate the accumulation of identity attributes for partial digital identities by building a model for identity attribute retrieval through permissions. Then, it presents an experimental survey of partial identity access for selected app groups. By applying the identity attribute retrieval model on the permission access log from the experiment, we show how apps’ permission usage is providing to identity profiling.
  • Textdokument
    Design and Implementation Aspects of Mobile Derived Identities
    (Open Identity Summit 2017, 2017) Träder, Daniel; Zeier, Alexander; Heinemann, Andreas
    With the ongoing digitalisation of our everyday tasks, more and more eGovernment services make it possible for citizens to take care of their administrative obligations online. This type of services requires a certain assurance level for user authentication. To meet these requirements, a digital identity issued to the citizen is essential. Nowadays, due to the widespread use of smartphones, mobile user authentication is often favoured. This naturally supports two-factor authentication schemes (2FA). We use the term mobile derived identity to stress two aspects: a) the identity is enabled for mobile usage and b) the identity is somehow derived from a physical or digital proof of identity. This work reviews 21 systems and publications that support mobile derived identities. One subset of the considered systems is already in place (public or private sector in Europe), another subset is subject to research. Our goal is to identify prevalent design and implementation aspects for these systems in order to gain a better understanding on best practises and common views on mobile derived identities. We found, that research prefers storing identity data on the mobile device itself whereas real world systems usually rely on cloud storage. 2FA is common in both worlds, however biometrics as second factor is the exception.
  • Konferenzbeitrag
    Electronic identity mass compromize: Options for recovery
    (Open Identity Summit 2023, 2023) Fritsch, Lothar
    A National Digital Identity Framework should be designed in a proactive manner, should focus on a resilience-oriented approach, and should be aimed at limiting the risks that may originate from identity data management [IT18]. What is the preparedness of digital identity providers for recovery from compromise that affects large numbers of identities? Failures or attacks may destroy authenticators, data or trust chains that are the foundations of large identity ecosystems. The re-issuance of digital identities, of authenticators or the re-enrollment of the user base should get planned as contingency measures. Important parameters will be recovery time, complexity of re-registering subjects, distribution of effort between certification authorities, registrars and relying parties, and the availability of alternative technologies and staff resources. The article will, based on a review of standards and requirements documents, present evidence for a shortage of recovery readiness that endangers relying parties and identity ecosystems. From a review of standards and practice, we extract recovery procedures as far as they are planned for.
  • Konferenzbeitrag
    Emerging biometric modalities and their use: Loopholes in the terminology of the GDPR and resulting privacy risks
    (BIOSIG 2021 - Proceedings of the 20th International Conference of the Biometrics Special Interest Group, 2021) Bisztray, Tamás; Gruschka, Nils; Bourlai, Thirimachos; Fritsch, Lothar
    Technological advancements allow biometric applications to be more omnipresent than in any other time before. This paper argues that in the current EU data protection regulation, classification applications using biometric data receive less protection compared to biometric recognition. We analyse preconditions in the regulatory language and explore how this has the potential to be the source of unique privacy risks for processing operations classifying individuals based on soft traits like emotions. This can have high impact on personal freedoms and human rights and, therefore, should be subject to data protection impact assessment.
  • Textdokument
    An explorative approach on the impact of external and organizational events on information security
    (Open Identity Summit 2017, 2017) Ajazaj, Ilirjana; Kurowski, Sebastian
    This contribution aims at the research question on which observable organizational events occur prior to an information security incident, and how these may relate to the organization. It therefore uses a dataset that was built using Google News, and the list of data breaches from [Mc17] to analyse which organizational events occur most often. It provides a categorization of these events, which were built by using a grounded theory approach. On the other hand, causal chains are constructed by sing the sociologic system theory and constructivism. Both, the causal chains and the organizational event categories are applied together within this contribution to discuss, the likelihood of the causalities of the occurred events. However, events, such as financial gains also exhibit a higher occurrence prior to an information security incident. This contribution is a speculative, yet first approach on this question. Further research will focus on refining the constructed causalities.
  • Konferenzbeitrag
    Extraction and Accumulation of Identity Attributes from the Internet of Things
    (Open Identity Summit 2021, 2021) Fritsch, Lothar; Gruschka, Nils
    Internet of Things (IoT) devices with wireless communication provide person-relateable information usable as attributes in digital identities. By scanning and profiling these signals against location and time, identity attributes can be generated and accumulated. This article introduces the concept of harvesting identifiable information from IoT. It summarizes ongoing work that aims at assessing the amount of person-relatable attributes that can get extracted from public IoT signals. We present our experimental data collection in Oslo/Norway and discuss systematic harvesting, our preliminary results, and their implications.